[FW-1] Tool for viewing external audit log file
Hi, there are audit log files (and also normal traffic logs maybe) which are stored on a disk and i have to open them which smartviewtracker doesnt seem to help . Are there any tools methods for that? Regards Scanned by Check Point Total Security Gateway. = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =
[FW-1] Georg Schwab ist außer Haus.
Ich werde ab 29.07.2011 nicht im Büro sein. Ich kehre zurück am 01.08.2011. In dringenden Fällen wenden Sie sich bitte an Herrn Andreas Brandauer (andreas.branda...@rvs.at) oder Herrn Christian Moser (christian.mo...@rvs.at) Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. Die Übermittlung von Nachrichten per e-mail erfolgt ausschließlich zu Informationszwecken. Rechtsverbindliche Erklärungen werden über dieses Medium nicht abgegeben. This message and any attached files are only for information purposes. E-Mail is not used for the exchange of legally binding statements. Scanned by Check Point Total Security Gateway. = To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail = To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html = If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =
Re: [FW-1] getting information about rule creations from audit logs
Hi ,
Many thanks here is the added 'security_rule'is the clue to look for
for a new rule creation.
Regards
2011/6/29 Alexey Baltacov drongt...@gmail.com:
Hi,
Rule modification shown following way (in R65)
Number: 11264
Date: 29Jun2011
Time: 9:02:38
Application: SmartDashboard
Subject: Object Manipulation
Operation: Modify Object
Type: Log
Object Type: firewall_policy
Performed On: Standard
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
Section Title 18 UID =
{B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed'
to 'expanded'
Rule 159: added 'security_rule' -
UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
Source: Lync_DMZ
Destination: Any
VPN: Any
Service: domain-tcp
Action: accept
Install On: Cluster_IL
Administrator: alexey
Client: MANGIL1-VM
Client IP: MGMT-IL (172.30.10.25)
Object Table: fw_policies
Operation Number: 1
Origin: FW1-IL
Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
So you should search for relevant UID in Changes field of audit logs.
Please be sure you are searching in correct logs (by date)
On Wed, Jun 29, 2011 at 9:21 AM, pkc mls pkc_...@yahoo.fr wrote:
Le 27/06/2011 10:49, a bv a écrit :
Hi list,
Hi a
I have some rules on the firewall and i have to find out who and when
created the specific rules (numbers given) . Audit logs on
smartviewtracker are not so easiliy understandable so i wanted to ask
the list for the best way.
I'm afraid it's the only way for you to trace back what has been done.
which version are you running ?
looks like the 'create rule' doesn't exist in the operation list;
you can search when the object that are used by this rule were created.
you can also ask the firewall admins to comment what they do. (there is a
comment column in firewall rulebase).
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
--
Sincerely,
Alexey Baltacov
drongt...@gmail.com | Tel: +972-504989954
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
Scanned by Check Point Total Security Gateway.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
Scanned by Check Point Total Security Gateway.
Re: [FW-1] getting information about rule creations from audit logs
There are logs for some logs which says added added security_rule but
not all the ones. and exactly the rules i found seem doesnt
exit?strange
regards
2011/7/29 a bv vbavbal...@gmail.com:
Hi ,
Many thanks here is the added 'security_rule'is the clue to look for
for a new rule creation.
Regards
2011/6/29 Alexey Baltacov drongt...@gmail.com:
Hi,
Rule modification shown following way (in R65)
Number: 11264
Date: 29Jun2011
Time: 9:02:38
Application: SmartDashboard
Subject: Object Manipulation
Operation: Modify Object
Type: Log
Object Type: firewall_policy
Performed On: Standard
Changes: UID = {8E7D9D25-757B-4CA4-956B-623D0A559264}
Section Title 18 UID =
{B893952E-ED77-4BA0-B9A7-98179F744D09} state: changed from 'collapsed'
to 'expanded'
Rule 159: added 'security_rule' -
UID = {2950150B-9A7E-438A-9929-BFC280D3488C}
Source: Lync_DMZ
Destination: Any
VPN: Any
Service: domain-tcp
Action: accept
Install On: Cluster_IL
Administrator: alexey
Client: MANGIL1-VM
Client IP: MGMT-IL (172.30.10.25)
Object Table: fw_policies
Operation Number: 1
Origin: FW1-IL
Uid: {8E7D9D25-757B-4CA4-956B-623D0A559264}
So you should search for relevant UID in Changes field of audit logs.
Please be sure you are searching in correct logs (by date)
On Wed, Jun 29, 2011 at 9:21 AM, pkc mls pkc_...@yahoo.fr wrote:
Le 27/06/2011 10:49, a bv a écrit :
Hi list,
Hi a
I have some rules on the firewall and i have to find out who and when
created the specific rules (numbers given) . Audit logs on
smartviewtracker are not so easiliy understandable so i wanted to ask
the list for the best way.
I'm afraid it's the only way for you to trace back what has been done.
which version are you running ?
looks like the 'create rule' doesn't exist in the operation list;
you can search when the object that are used by this rule were created.
you can also ask the firewall admins to comment what they do. (there is a
comment column in firewall rulebase).
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
--
Sincerely,
Alexey Baltacov
drongt...@gmail.com | Tel: +972-504989954
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
Scanned by Check Point Total Security Gateway.
Scanned by Check Point Total Security Gateway.
=
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=
